Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SCEP/Endpoint Protection logging

    I would like Endpoint Protection to do one of the following things:
    a. Log to file/winevent when infected - on the actual client
    b. Log to file/winevent when infected - on server

    For all the Companies using log analytics tools there are no good way to get the information. We use a custom sql-trigger to kick off a PowerShell script which writes an logentry to EventLog on the server. That is suboptimal to say at least.

    The dashboards for EP in ConfigMgr is not good enough and really ineffective when you have a lot of detections.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Windows Defender Advanced Threat Protection - Collect/Surface Log Data

    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection

    The ConfigMgr client should collect event log troubleshooting data for Win Defender ATP. The data should be surfaced in the dashboard and be available for creating dynamic collections queries (so you can act on it). A security tool that doesn't clearly show you where it is/isn't working is very problematic.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Streamline Defender/Endpoint Protection settings

    Minor thing, but in Defender under Win10, excluded Files and Folders are separate, and Items in Antimalware policies, regardless weather File or Folder are shown in Defender/Win10 settings under Excluded Files. (the exclusion however still works so that is why it's a minor thing)

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. 14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Add Tamper Protection

    We need to be able to prevent admin users from disabling or uninstalling SCEP without a secondary form of authentication/protection.

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Wildcards can not be used when configuring Excluded Processes in Exclusion Settings in the anti-malware policy

    Wildcards can not be used when configuring Excluded Processes in Exclusion Settings in the anti-malware policy.
    Since it is judged as an invalid character string, please add a function so that it can be used.

    With Windows Defender alone, you can use wildcards for process exclusion.

    Use wildcards in the process exclusion list
    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-process-exclusion-list

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Windows Defender Offline Scan - Endpoint Protection Client Action, Schedule

    Integrate some management of Windows Defender Offline Scan. For a first iteration, add the ability to schedule an offline scan during next reboot to Fast Channel Notifications.

    On a future iteration, allow anti-malware policy to schedule an offline scan every X days on reboot.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Add Bitlocker management to SCCM.

    Allow for the provisioning, management and recovery of bitlocker protected volumes using sccm.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Allow non-admin users to change time of scheduled scans.

    Currentlly, if this option is set, the users have the option to change the time (it is not greyed out like all the other settings which users are not allowed to change), but cannot save changes (UAC admin "save changes" button). Only users with local admin rights are allowed to apply the changes.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Add the ability to unlock a bitlockered drive in WinPE via MBAM

    for refresh/reinstall scenarios in WinPE where you have an already MBAM managed/Bitlockered client, and you want to reinstall it or refresh to a new os, the OS drive is bitlockered and therefore you cannot read it or pull data from it (USMT), we've used various versions of this for MBAM https://www.windows-noob.com/forums/topic/4173-how-can-i-retrieve-my-bitlocker-recovery-key-from-mbam-in-windows-pe/ but it would be nice if this ability was integrated within ConfigMgr now that MBAM is integrated too and to do it securely via https

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Include latest antimalware platform release with ConfigMgr client

    New anti-malware platform updates are released periodically. It would be good to have the latest version included as part of the ConfigMgr client installation so that clients can take advantage of the latest features in Endpoint Protection.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Please add folder support in Endpoint Protection - Antimalware Policies

    We manage desktops and servers in the same SCCM infrastructure but by different teams. When we create antimalware policies, we have resorted to prefixing every entry with either desktop - ... or server - ... This would be great to support a folder structure to keep this clean. We have 45 policies so far and that list will probably swell to 75 or 100. RBA per folder would be a bonus.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Update SCEP import to handle JSON

    The current SCEP import only handles XML feeds for import through the SCCM console. XML is no longer supported and is replaced by JSON, can we please have the import updated to handle JSON instead?

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Info channel disposing details on logic/behaviour of EP

    We would like an information channel, where MS disposes information on the behavior of the Endpoint Protection product. Especially when things change but also how things are now (logic, build-in defaults, parameterization and how to configure, etc...).
    E.g. : We recently had a 'false positive' Worm:Win32/Bluber.A detected in C:\Windows\System32\sysinfo.ocx file. In this case, we chose to 'quick fix' this issue by performing a 'Restore files quarantined by this threat' (see picture). This action creates an exception rule for the detection and remediation of this particular threat, on the SCCM EP GPO. This exception is only temporary; it used to beā€¦

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Automating Microsoft Endpoint Full System Scan upon Infection with Email Notification

    I wrote a PowerShell custom detection method that reads the event viewer logs and thereby returns a failed installation if an infection is logged in the event viewer. The application installation is therefore a powershell script that initiates a full system scan. For the custom detection to be successful, there must be an event viewer entry of the full system scan after the infection entry. I have written up the process in my blog posting here: http://mickitblog.blogspot.com/2015/12/automating-microsoft-endpoint-full.html

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. SCEP: Ability to put exclusions specific to individual machines.

    Hi Team,

    We currently do not have ability to put exclusions specific to individual machines. This can oly be done through collections and policies. Why dont we give the ability to end point amdinistrator group to add exclusiosns to individual machines based on requests which is possible through McAfee.

    Thanks,
    Vinayak

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. I would like to see configuration managers end point agent be able to detect and block thumb drives and do web content filtering

    I would like to see configuration managers end point agent be able to detect and block thumb drives and do web content filtering via the agent.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Windows Defender ATP Agent Onboarding State should include all supported ATP OS

    In the Devices view, ATP onboarding state is only reported for Windows 10 devices. Other OS have a blank state.

    Currently (Oct-Nov 2018) working on an ATP trial with a customer who has +90% Windows 7 workstations. Support for Windows versions previous to Windows 10 is currently a preview feature for ATP. Still, having the ATP onboarding state and related info for Windows pre-10, would provide for a much nicer overview. The customer doesn't want to hear to upgrade to Windows 10 all the time.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add all levels of "Sample Submission" to GUI

    In the client Policy for SCEP we have "Auto Sample Submission" turned on as the default. However this only works for some files that are suspicious. There are actually two other levels of Sample Submission that can only be obtained by changing registry values and pushing out these settings as a script via SCCM, or GPO. Would love to have these exposed through the GUI.

    Talking about these settings:

    Problem:
    SCEP is prompting for submission of suspicious files when in policy "Auto Sample Submissions" are enabled. Trying to find out why we are getting prompts.

    Resolution:
    I received and reviewedā€¦

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Add "source IP" filed in SCEP alert to indicate malware infection source for worms

    I suggest to add the ā€œsource IPā€ field to indicate where the worm like malware comes from, especially for Ransomware WannaCrypt.

    We know that Wannacrypt exploits vulnerability in SMBv1 to spread as worm, so in such scenarios, if the detection alert can have an attribute about which source computer exploits the vulnerability and drops the malware payload, that would be great help to customer locating the source computer. This applies to other worms.

    Expected detection from 3rd party AM product

    === Event Details ===
    Event ID: 147613895128
    Start Time: 21 Sep 2017 10:25:47 CST
    End Time: 21 Sep 2017 10:25:47ā€¦

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base